Sunday, March 29, 2009

Mac OS X Kernel Exploit PoC Code Published

Proof-of-concept exploit code has been posted online for six kernel vulnerabilities, five of which affect Mac OS X 10.5.6, the most current version of Apple's operating system software.

The vulnerabilities were discussed at CanSecWest 2009 last week during a talk about security flaws in the FreeBSD, Mac OS X, and Solaris kernels by security researchers Christer Oberg and Neil Kettle of Convergent Network Solutions.

One of them, a local kernel root exploit in FreeBSD 7.0/7.1, has been patched.

The five that affect Mac OS X, which uses the Mach kernel and incorporates portions of FreeBSD Unix, remain unpatched.

In an e-mail, Kettle explained that the vulnerabilities exploited were not disclosed to Apple when they were found and remained private until they were published to Milw0rm.com on Monday. He said no one has yet complained about the disclosure of the vulnerabilities, noting that in his experience, kernel bugs are not as serious as other vulnerabilities. "We wanted to show how easy it still is to break production kernels in well-used operating systems," he said.

Inaki Urzay, CTO of Panda Security, said the proof-of-concept code isn't an immediate threat but that it could be in the future. "The vulnerabilities are proofs of concept that demonstrate the code can take control of a machine, either via creating a privilege escalation modifying the users or launching DoS local attacks against the PC," he said in an e-mail. "The proof of concept code has the ability to create a new system volume, call to some OS functions, change the user ID, and so on, without administrative privileges."